Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WebLogic Server和Express HTTP TRACE Credential Theft 漏洞
Vulnerability Description
BEA WebLogic Server和Express 8.1 SP2及其以前的版本,7.0 SP4及其以前的版本, 6.1至SP6,和5.1至SP13版本的默认配置响应HTTP TRACE请求,远程攻击者使用跨站跟踪攻击(XST)盗取信息,该攻击在易受跨站脚本影响的应用进程中。
CVSS Information
N/A
Vulnerability Type
N/A